Comments for Dave Stork's IMHO
https://dirteam.com/dave
A blog mostly about Exchange related stuff.
Wed, 21 Jun 2017 05:59:38 +0000

Comment on Do not move RBAC Role Groups out of the Exchange Security Group OU by uTILLIty
https://dirteam.com/dave/2012/02/07/do-not-move-rbac-role-group-out-of-the-exchange-security-group-ou/#comment-9561
Wed, 21 Jun 2017 05:59:38 +0000

thanks! unfortunately any attempt to install a cumulative update later on also fails with a weird error message, if you move the whole OU somewhere else in the tree:

Error:
The following error was generated when “$error.Clear();
initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions

” was run: “System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.CreateOrMoveEWPGroup(ADGroup ewp, ADOrganizationalUnit usgContainer)
at Microsoft.Exchange.Management.Tasks.InitializeExchangeUniversalGroups.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage, Action initFunc, Action mainFunc, Action completeFunc)
at Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()”.

My solution was to move it back and setup (specifically the following command: setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms) worked.

Comment on Can I place my Exchange hybrid management server in Azure and use Azure Domain Services? by Rick
https://dirteam.com/dave/2017/03/31/can-i-place-my-exchange-hybrid-management-server-in-azure-and-use-azure-domain-services/#comment-6543
Mon, 08 May 2017 23:43:41 +0000

I have heard that Azure is generally blacklisted and, if you needed to use this server for routing mail to/from Office365, it will not work. We have a need to route all e-mail to an Exchange server to process corporate e-mail signatures on all internal and external (internet-bound) e-mails and wanted to use an Azure-based hybrid server for this and for management activities. So, our server would need to send e-mail back to our Office 365 tenant but may not be able to due to the blacklisting of Azure servers.

Comment on Can I place my Exchange hybrid management server in Azure and use Azure Domain Services? by Dave Stork
https://dirteam.com/dave/2017/03/31/can-i-place-my-exchange-hybrid-management-server-in-azure-and-use-azure-domain-services/#comment-4540
Mon, 10 Apr 2017 10:42:54 +0000

It would basically be the same as every 2010->2016 migration. You would have to set the SCP to $null again and re-run the O365 HCW again, perhaps with minimal Hybrid as configuration option. Then manually adjust again to your desired state.

Comment on Can I place my Exchange hybrid management server in Azure and use Azure Domain Services? by RKast
https://dirteam.com/dave/2017/03/31/can-i-place-my-exchange-hybrid-management-server-in-azure-and-use-azure-domain-services/#comment-3248
Fri, 31 Mar 2017 14:46:27 +0000

OK but what when we have Exchange 2010 on-premises and all mailboxes are in the cloud. We set AutodiscoverSCP to $null and set autodiscover DNS to O365 with a CNAME. Then we remove the hybrid configuration with Remove-hybridconfig and disable IntraOrgConnectors and remove the Send/Receive Connectors (as per https://technet.microsoft.com/en-us/library/dn931280(v=exchg.150).aspx). What if we want to upgrade the on-premises server to Exchange 2016?

Comment on Exchange Server 2016 is available! Now what? by Dave Stork
https://dirteam.com/dave/2015/10/01/exchange-server-2016-is-available-now-what/#comment-2461
Wed, 09 Dec 2015 16:39:06 +0000

I haven’t tested it but I assume that there has been no change in that department.

To understand, the MsExchangeDelegateLink attribute of the user who receives Full Access permissions is changed to include the mailbox ID to which you have Full Access & AutoMapping. This is read by Outlook via AutoDiscover and that triggers Automapping. So it’s information in your own account, not the shared mailbox. That’s why it doesn’t work with groups; for that to work, a mechanism that checks memberships and adds that attribute to accounts who are members must be in place. Could get kinda tricky.

Comment on Test it yourselves: Exchange Server 2016 Preview is now available! by Jason Collotzi
https://dirteam.com/dave/2015/07/22/test-it-yourselves-exchange-server-2016-preview-is-now-available/#comment-2025
Wed, 02 Sep 2015 15:04:06 +0000

Sorry left the comment with the wrong article

Comment on Test it yourselves: Exchange Server 2016 Preview is now available! by Jason Collotzi
https://dirteam.com/dave/2015/07/22/test-it-yourselves-exchange-server-2016-preview-is-now-available/#comment-2024
Wed, 02 Sep 2015 15:01:17 +0000

Hi Dave I am looking at your “Granting Mailbox Full Access via Groups and keeping the Automapping feature in Exchange 2010” article. Great job by the way. Is it possible to not remove group objects when the script is run only user objects? I want to put the source group that is supposed to have permissions to the mailbox in the Shared Mailbox permissions so I can use it to rerun the script in the future. That way I don’t have to maintain a CVS I can auto-generate it at will. Thanks

Comment on Checking security protocols and ciphers on your Exchange servers by Dave Stork
https://dirteam.com/dave/2015/06/07/checking-security-protocols-and-ciphers-on-your-exchange-servers/#comment-1585
Wed, 01 Jul 2015 11:39:41 +0000

Depends on what you consider security, it has many aspects (prevention of data loss or leakage, availability to name a few).
Obviously protection from malware and spam is important, a good filter is crucial whether it’s cloud based, appliance or an application integrated in Exchange. Spoofing is another issue, that can be limited by using DMARC (and DKIM although Exchange doesn’t support that natively) and a correct SPF record.
If you have a specific concern, just let me know and I’ll see if I can find useful resources or write a post myself.

Comment on Checking security protocols and ciphers on your Exchange servers by Shambhu Sharma
https://dirteam.com/dave/2015/06/07/checking-security-protocols-and-ciphers-on-your-exchange-servers/#comment-1532
Tue, 09 Jun 2015 08:26:24 +0000

What else can we include in security checking for Exchange servers?

Comment on Azure Active Directory Synchronization: Filtering, Part 1 by Thomas
https://dirteam.com/dave/2015/04/06/azure-active-directory-synchronization-filtering-part-1/#comment-1383
Wed, 27 May 2015 08:24:23 +0000

It helped 🙂

Comment on Azure Active Directory Synchronization: Filtering, Part 1 by Turbomcp
https://dirteam.com/dave/2015/04/06/azure-active-directory-synchronization-filtering-part-1/#comment-1108
Mon, 04 May 2015 20:20:23 +0000

thanks

Comment on Azure Active Directory Synchronization: An Introduction, Part 1 by Dave Stork
https://dirteam.com/dave/2015/03/30/azure-active-directory-synchronization-an-introduction-part-1/#comment-814
Wed, 01 Apr 2015 14:42:07 +0000

Thanks for the compliments!
No typo, AAD Connect will make it possible to in-place upgrade existing DirSync installs to AADSync. More info here. Currently it’s not possible to in-place upgrade DirSync with the separate download AADSync (i.e. without AAD Connect), so that’s a nice new addition. AAD Connect is more of an install/configure/test tool which includes AADSync. AADSync will not be released as a separate download any longer when AAD Connect will reach General Availability (GA). I assume that AAD Connect will be able to update current AADSync installations not installed via AAD Connect, but I haven’t checked that yet.

Comment on Azure Active Directory Synchronization: An Introduction, Part 1 by Sander Klaassen
https://dirteam.com/dave/2015/03/30/azure-active-directory-synchronization-an-introduction-part-1/#comment-813
Wed, 01 Apr 2015 11:59:46 +0000

Under AADSync I read:
“An in-place upgrade from DirSync to AADSync is (currently) not supported… However, that will change in the future. For more information, see AAD Connect.”

Under AAD Connect, I read:
“It will be possible to in-place upgrade from DirSync to AADSync,”

So AAD Connect makes it possible to “upgrade” dirsync to AADsync?
Is this a typo and should it state that AADSync will be upgradable to AAD Connect (I would expect to read the upgrade possibilities for AADConnect there, not DirSync to AADSync)?